dynamic (ActiveRecord based) implementation
Sven Fuchs
committed
Jul 16, 2009
1 parent
86e9841
commit 76e0a9a
Showing
5 changed files
with
98 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
require File.dirname(__FILE__) + '/test_helper' | ||
|
||
ActiveRecord::Base.connection.create_table :role_types do |t| | ||
t.references :parent | ||
t.string :name | ||
t.boolean :requires_context, :default => true | ||
end | ||
|
||
class RoleType < ActiveRecord::Base | ||
include Rbac::RoleType | ||
belongs_to :parent, :class_name => 'RoleType' | ||
|
||
class << self | ||
def build(name) | ||
find_by_name(name.to_s) || raise(Rbac::UndefinedRole.new(name)) | ||
end | ||
end | ||
|
||
def children | ||
self.class.all(:conditions => { :parent_id => self.id }) | ||
end | ||
|
||
def granted_to?(user, context = nil, options = {}) | ||
return super unless ['anonymous', 'user', 'author'].include?(name) | ||
return false if options[:explicit] | ||
|
||
case name | ||
when 'anonymous' | ||
true | ||
when 'user' | ||
user.try(:registered?) | ||
when 'author' | ||
context.respond_to?(:author) && context.author == user || super | ||
end | ||
end | ||
end | ||
|
||
anonymous = RoleType.create!(:name => 'anonymous', :parent => nil, :requires_context => false) | ||
user = RoleType.create!(:name => 'user', :parent => anonymous, :requires_context => false) | ||
author = RoleType.create!(:name => 'author', :parent => user) | ||
moderator = RoleType.create!(:name => 'moderator', :parent => author) | ||
superuser = RoleType.create!(:name => 'superuser', :parent => moderator, :requires_context => false) | ||
editor = RoleType.create!(:name => 'editor', :parent => user) |
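Review bot: In `granted_to?`, the `'author'` branch evaluates `context.author == user` without first checking that `user` is present, so when both are nil the comparison is true and the author role is granted. The `user.try(:registered?)` call in the `'user'` branch suggests a nil user is an expected input, in which case an unauthenticated caller would pass as author of any context whose `author` is unset. Guard the comparison, e.g. `user && context.respond_to?(:author) && context.author == user || super`. The `'user'` branch also returns nil rather than false for a nil user; `!!user.try(:registered?)` would keep the predicate strictly boolean for callers that compare against `false`.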
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
require File.dirname(__FILE__) + '/test_helper' | ||
require File.dirname(__FILE__) + '/database' | ||
require File.dirname(__FILE__) + '/active_record_implementation' | ||
|
||
Rbac::RoleType.implementation = RoleType | ||
|
||
class ActiveRecordImplementationTest < Test::Unit::TestCase | ||
test "has_role? (single argument)" do | ||
assert_equal true, superuser.has_role?(:superuser) | ||
assert_equal true, superuser.has_role?(:user) | ||
assert_equal true, superuser.has_role?(:anonymous) | ||
end | ||
|
||
test "has_role? (array argument)" do | ||
assert_equal false, moderator.has_role?([:superuser]) | ||
assert_equal false, moderator.has_role?([:moderator, :superuser]) | ||
assert_equal true, moderator.has_role?([:moderator, :superuser], blog) | ||
assert_equal true, moderator.has_role?([:author, :superuser], content) | ||
end | ||
|
||
test "has_explicit_role?" do | ||
assert_equal true, superuser.has_explicit_role?(:superuser) | ||
assert_equal false, superuser.has_explicit_role?(:user) | ||
assert_equal false, superuser.has_explicit_role?(:anonymous) | ||
end | ||
|
||
test "has_permission? raises Rbac::AuthorizingRoleNotFound exception when authorizing role can not be found" do | ||
assert_raises(Rbac::AuthorizingRoleNotFound) { superuser.has_permission?('drink redbull', Rbac::Context.root) } | ||
end | ||
|
||
test "has_permission? returns true when the user has a role that authorizes the action" do | ||
with_default_permissions(:'edit content' => [:author]) do | ||
assert_equal true, superuser.has_permission?('edit content', Rbac::Context.root) | ||
end | ||
end | ||
|
||
test "has_permission? returns true for authorized roles that aren't part of the same role hierarchy" do | ||
with_default_permissions(:'edit content' => [:editor]) do | ||
content = self.content | ||
content.section.permissions = { :'edit content' => [:moderator] } | ||
assert_equal true, moderator.has_permission?('edit content', content) | ||
assert_equal true, editor.has_permission?('edit content', content) | ||
end | ||
end | ||
end |
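Review bot: Every `has_permission?` assertion in this file expects `true` or an exception, so the deny path of the authorization check is never pinned; a check that granted every user once an authorizing role is found would still pass all three tests. Add a case where the authorizing role sits above the user's own, for example inside `with_default_permissions(:'edit content' => [:superuser])` assert `assert_equal false, moderator.has_permission?('edit content', Rbac::Context.root)`. The implicit `anonymous`/`user`/`author` roles are likewise not exercised with a missing user or through `has_explicit_role?`, which is only called on `superuser` here.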